Commit da010e2a authored by Mathias Vehus's avatar Mathias Vehus

The protection flags for the session cookie have been added.

parent 5ed54ee1
<?xml version="1.0" encoding="UTF-8"?>
<project version="4">
<component name="RunConfigurationProducerService">
<option name="ignoredProducers">
<set>
<option value="com.android.tools.idea.compose.preview.runconfiguration.ComposePreviewRunConfigurationProducer" />
</set>
</option>
</component>
</project>
\ No newline at end of file
No preview for this file type
......@@ -6,6 +6,8 @@ import javax.servlet.http.HttpServletResponse;
import javax.servlet.ServletException;
import javax.servlet.http.Cookie;
import java.io.IOException;
import org.eclipse.jetty.server.CookieCutter;
import org.eclipse.jetty.server.Server;
import org.eclipse.jetty.server.Request;
import org.eclipse.jetty.server.handler.AbstractHandler;
......@@ -137,7 +139,10 @@ public class Handler extends AbstractHandler
final Stored<Account> account = session.value.account;
// User is now logged in with a valid sesion.
// We set the session cookie to keep the user logged in:
response.addCookie(new Cookie("session",session.identity.toString()));
Cookie cookie = new Cookie("session",session.identity.toString());
cookie.setHttpOnly(true);
cookie.setSecure(true);
response.addCookie(cookie);
final PrintWriter out = response.getWriter();
// Handle a logged in request.
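Review bot: The session cookie built in the second hunk still carries no SameSite attribute, so HttpOnly and Secure alone leave it attached to cross-site requests and the handler relies on whatever other CSRF defence exists outside the visible lines. `javax.servlet.http.Cookie` as imported here has no SameSite setter; if the Jetty version in use supports the comment hook (to be confirmed), `cookie.setComment(org.eclipse.jetty.http.HttpCookie.SAME_SITE_STRICT_COMMENT);` before `response.addCookie(cookie)` would add it, otherwise the Set-Cookie header has to be written explicitly. With `setSecure(true)` the browser returns the cookie only over HTTPS, so a comment such as `// Secure flag: the session only persists when the server is reached over TLS` above that call would save the next maintainer a debugging session. The `CookieCutter` import in the first hunk is not used in the visible lines and may be removable. The enclosing method starts and ends outside the hunk.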
......